Are Your Employees Making Your Business Vulnerable to Cyber-Attacks?

8/4/2017

BY: ELLIOT FORSYTH

Cybersecurity is no longer optional; it’s a necessity for business survival. As cyber-attacks become increasingly sophisticated and their frequency continues to escalate at breakneck speed, it’s imperative that your business has a plan to combat these dire threats. After all, it’s no longer a question of “if” a cyber-attack will occur; it’s now a matter of “when.” According to a Deloitte report, 39 percent of executives surveyed experienced a breach in the past 12 months.

While technical compliance measures are integral to safeguarding your business, one critical element is frequently overlooked: the human element. Cybersecurity is primarily focused on the dangers of outside threats, but businesses must recognize that inside cybersecurity threats caused by employees are equally damaging and expose your business to serious vulnerabilities. Worst of all, your employees might not even be aware they’re putting your business at risk!

The emphasis on staff safeguards and training is evident in a guiding cybersecurity document published by the National Institute of Standards and Technology (NIST). The publication, known as NIST 800-171, is a fundamental part of requirements for Department of Defense (DoD) contractors who must comply with Defense Acquisition Regulations System (DFARS) clause 252.204-7012 by December 31, 2017.

The focus of NIST 800-171 centers on Controlled Unclassified Information (CUI), unclassified information that must be protected from public disclosure. NIST’s Special Publication 800-171 defines policies in 14 main categories that apply to all prime and subcontractor companies conducting business with the Federal Government. Five of the 14 components address the human element of cybersecurity. By following the best practices for each, you can make a significant impact on the security of your organization’s infrastructure, as well as meet compliance requirements for doing business with the DoD:

Access Control & Identification and Authentication – 80% of cyber-attacks are attributed to weak authentication (Source: Dr. John Zangardi, Acting Department of Defense Chief Information Officer). Enforce a minimum password complexity and change of characters when new passwords are created, and prohibit password reuse for a specified number of generations. To maximize security, limit system access to authorized users only. Protect wireless access prior to allowing such connections and encrypt CUI on mobile devices and mobile computing platforms.

Awareness and Training – Ongoing training and education are essential for all employees. Ensure that managers, systems administrators and all users of the organizational system are aware of the security risks associated with their activities and of the applicable policies, standards and procedures related to the security of those systems. Verify that personnel are adequately trained to carry out their assigned information security-related duties and responsibilities.

Personnel Security – According to the 2017 Black Hat Attendee Survey, the most feared cyber attacker is someone who has “inside knowledge of my organization.” Always screen individuals prior to authorizing access to organizational systems containing CUI. Ensure that CUI and any systems with CUI are protected during and after personnel actions such as terminations and transfers.

Are your employees unknowingly sharing highly-sensitive information? Are safeguards in place to ensure an employee doesn’t leak confidential data to a hacker? Are you at risk for losing DoD business? When you have proper training and safeguards in place, you can confidently answer these questions and help protect your organization and intellectual property.

Ask how the Michigan Manufacturing Technology Center (The Center) can help. Contact The Center today at 888.414.6682 or email cyber@the-center.org to get started.

MEET OUR EXPERT

Elliot Forsyth, Vice President of Business Operations
Elliot Forsyth is Vice President of Business Operations at the Michigan Manufacturing Technology Center (The Center) where he is responsible for leading practice areas that include cybersecurity, technology acceleration, marketing, market research and business development. The Center plays a lead role in coordinating and streamlining technology-related services to Michigan’s established industries and in assisting businesses to diversify into new and under-served markets.

As a National Institute of Standards and Technology (NIST) affiliate, The Center has developed a state-of-the-art cybersecurity service for companies in the defense, aerospace and automotive industries. Over the past two years, Elliot led this effort and expanded his expertise in cybersecurity, supporting Michigan companies to safeguard their businesses and maintain regulatory compliance. As a result, Elliot has been quoted and interviewed by print, broadcast and online media outlets, and has presented at numerous conferences and events.

Since 1991, the Michigan Manufacturing Technology Center has assisted Michigan’s small and medium-sized businesses to successfully compete and grow. Through personalized services designed to meet the needs of clients, we develop more effective business leaders, drive product and process innovation, promote company-wide operational excellence and foster creative strategies for business growth and greater profitability. Find us at www.the-center.org.